aa.exe Leads to unknown Chinese Malware Infection FULL PCAP file download 111.67.197.151 port 6666

Download Attachments

  • 1 pcap aa
    Date added: December 17, 2016 5:13 am
    Added by: admin
    File size: 16 KB
    Downloads: 113

SHA256: b89384e4dcec9c280b145b0f4aa7d05e783449ada227fb51ccbd2f25adfb57ca
File name: aa.exe
Detection ratio: 24 / 55
Analysis date: 2016-12-17 01:32:37 UTC

Antivirus     Result     Update
AVG     Win32/DH{I4F6gmU?}     20161216
AVware     Trojan.Win32.Generic!BT     20161217
Ad-Aware     Application.Tool.SIY     20161217
AegisLab     Heur.Advml.Gen!c     20161216
Arcabit     Application.Tool.SIY     20161217
Avast     Win32:Malware-gen     20161217
BitDefender     Application.Tool.SIY     20161216
ClamAV     Win.Trojan.Agent-1890258     20161216
DrWeb     Trojan.Siggen7.8058     20161217
ESET-NOD32     Win32/Spy.Agent.PAR     20161217
F-Secure     Application.Tool.SIY     20161217
GData     Application.Tool.SIY     20161217
Jiangmin     Trojan.Agent.aqqh     20161216
K7GW     Riskware ( 0040eff71 )     20161217
Kaspersky     Trojan.Win32.Agent.ijwp     20161216

2016-12-16 22:40:55.281087 IP 192.168.1.102.59699 > 104.214.150.216.80: Flags [P.], seq 0:284, ack 1, win 258, length 284: HTTP: GET /aa.exe HTTP/1.1
E..D,A@........fh....3.P<.~h3t"0P...I"..GET /aa.exe HTTP/1.1
Accept: application/x-shockwave-flash, image/gif, image/jpeg, image/pjpeg, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept-Encoding: gzip, deflate
Host: 104.214.150.216
Connection: Keep-Alive

2016-12-16 22:41:07.611900 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 3576552473, win 256, options [nop,nop,sack 1 {0:1}], length 0
E..4..@....V...foC.....
.....-.............
.-...-..

2016-12-16 22:43:58.018666 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [P.], seq 0:186, ack 1, win 256, length 186
E…..@……..f6..n.:..R.p….nP………………l.].c..3)…..!…..Y.@~.Y..f/.,….0.(…/.’…..k.9…g.3…..n………client-cf.dropbox.com………
………………………     .
.#….. …………………………..
2016-12-16 22:43:58.045426 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 2921, win 256, length 0
E..(..@........f6..n.:..R.q.....P.......
2016-12-16 22:43:58.049634 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [P.], seq 186:312, ack 3006, win 256, length 126
E…..@….6…f6..n.:..R.q….+P…0…….F…BA….K^.j.@.![….c..rh…..(…-….-….J. ).3..(…..>….  3………….(.b.%……r…1….U..B.?.OI…(t.Rx=?.o
2016-12-16 22:43:58.071702 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [P.], seq 312:793, ack 3248, win 255, length 481
E..     ..@……..f6..n.:..R.r…..P…@………b.%….8..zb.k8……3.].n}s../”..(..
.o.97………”..CB.NC..Q.3_….;.f.h..T”w….2S…O..N.AC.@.{..@z[..mT.Z^0.B.=.G…..[X.j.\..c..*[N…Qe.B…j..;.!.
.-.f.q8.`.
..S…f….lk(.5..6………gm\n..)0…vV.XAz.n.(……’…._.>…R.0…u…\…..O..!..        ….C…..(.f.0..+.j…3z..Ip<.D`.@…  z………i.c.:j…,>…..E.>.
..]pq…).z.>~8….@..-.(…j..E.T’.9Fc..X….&+.l..Tm……el……1mYq..%+S.6…….]Bn…<_d…       T…..?…c…..lF.3}…@…g4x4..>….z^..Q{V;..
2016-12-16 22:43:58.399542 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 6168, win 256, length 0
E..(..@........f6..n.:..R.s.....P.......
2016-12-16 22:43:58.400811 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 9088, win 256, length 0
E..(..@........f6..n.:..R.s.....P.......
2016-12-16 22:43:58.401577 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 11795, win 256, length 0
E..(..@........f6..n.:..R.s.....P.......
2016-12-16 22:43:58.453402 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 11829, win 256, length 0
E..(..@........f6..n.:..R.s.....P.......
2016-12-16 22:44:07.893502 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {0:1}], length 0
E..4..@....U...foC.....
.....-.............
.-...-..
2016-12-16 22:45:58.402490 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [.], ack 11861, win 256, length 0
E..(..@........f6..n.:..R.s.....P.......
2016-12-16 22:47:08.061204 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {0:1}], length 0
E..4..@....T...foC.....
.....-.............
.-...-..
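Added example, not part of the original post and not code from any tool shown on it: a small Python script that reads the tcpdump summary lines from the capture above, picks out the HTTP fetch of an executable (the GET /aa.exe from 104.214.150.216), and measures the spacing of the zero-length segments sent to 111.67.197.151:6666 so that a fixed-interval connection stands out. The sample input is the page's own summary lines (payload dumps left out); the function names, the executable suffix list, and the thresholds for "periodic" (at least three events, jitter of at most 5 seconds) are my assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# tcpdump summary lines copied from the capture on this page (payload dumps omitted).
CAPTURE_LINES = [
    "2016-12-16 22:40:55.281087 IP 192.168.1.102.59699 > 104.214.150.216.80: Flags [P.], seq 0:284, ack 1, win 258, length 284: HTTP: GET /aa.exe HTTP/1.1",
    "2016-12-16 22:41:07.611900 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 3576552473, win 256, options [nop,nop,sack 1 {0:1}], length 0",
    "2016-12-16 22:43:58.018666 IP 192.168.1.102.59706 > 54.230.18.110.443: Flags [P.], seq 0:186, ack 1, win 256, length 186",
    "2016-12-16 22:44:07.893502 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {0:1}], length 0",
    "2016-12-16 22:47:08.061204 IP 192.168.1.102.59578 > 111.67.197.151.6666: Flags [.], ack 1, win 256, options [nop,nop,sack 1 {0:1}], length 0",
]

# One tcpdump IPv4/TCP summary line: timestamp, "IP src.sport > dst.dport: Flags [..], ...".
SUMMARY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\],(?P<rest>.*)$"
)


def parse_summary(line):
    """Parse one summary line into a dict, or return None for payload/hex lines."""
    m = SUMMARY_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S.%f")
    d["sport"], d["dport"] = int(d["sport"]), int(d["dport"])
    lm = re.search(r"length (\d+)", d["rest"])
    d["length"] = int(lm.group(1)) if lm else 0
    # tcpdump appends "HTTP: <method> <uri> HTTP/x.y" when it decodes a request.
    hm = re.search(r"HTTP: (GET|POST) (\S+)", d["rest"])
    d["http"] = (hm.group(1), hm.group(2)) if hm else None
    return d


def parse_capture(lines):
    """Keep only the lines that are TCP summaries; payload dumps are skipped."""
    return [e for e in (parse_summary(l) for l in lines) if e]


def executable_downloads(events, suffixes=(".exe", ".dll", ".scr")):
    """Return (server, port, uri) for every decoded HTTP request for an executable."""
    return [(e["dst"], e["dport"], e["http"][1]) for e in events
            if e["http"] and e["http"][1].lower().endswith(suffixes)]


def beacon_intervals(events):
    """Seconds between successive client packets, grouped by destination IP:port."""
    by_dst = defaultdict(list)
    for e in events:
        by_dst[(e["dst"], e["dport"])].append(e["ts"])
    out = {}
    for key, stamps in by_dst.items():
        stamps.sort()
        out[key] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return out


def periodic_endpoints(events, min_events=3, max_jitter=5.0):
    """Destinations contacted at a near-constant interval (hypothetical thresholds)."""
    hits = []
    for (dst, dport), gaps in beacon_intervals(events).items():
        if len(gaps) + 1 < min_events:
            continue
        if pstdev(gaps) <= max_jitter:
            hits.append({"dst": dst, "dport": dport,
                         "period": round(mean(gaps), 1), "count": len(gaps) + 1})
    return hits


if __name__ == "__main__":
    evs = parse_capture(CAPTURE_LINES)
    print("executable downloads:", executable_downloads(evs))
    print("periodic endpoints:", periodic_endpoints(evs))
```

Run against the lines above, the script reports the single executable fetch (/aa.exe from 104.214.150.216 over port 80) and one periodic destination: 111.67.197.151:6666, reached three times about 180 seconds apart, each time with a zero-length ACK. That is exactly the pattern the title of the post points at, and the same two functions can be fed a full `tcpdump -nn -tttt` listing of a larger capture to look for the same combination of a download followed by a steady connection to a non-standard port.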
